Malicious `nouns.mint()` Revert will Pause Auction House

Summary

In NounsAuctionHouseV3::_createAuction(), the nouns.mint() function is wrapped in a try...catch block. A malicious actor can cause the nouns.mint() to revert by calling settleCurrentAndCreateNewAuction() with a pre-calculated gas amount. Despite the revert in nouns.mint(), the transaction completes, triggering the _pause() function and causing the auction house to pause unexpectedly.

Root Cause

The try...catch block in NounsAuctionHouseV3::_createAuction() pauses the auction house if nouns.mint() fails, while the required gas for nouns.mint() and _pause() is different.

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

No response

Impact

The auction house can be unexpectedly paused.

PoC

No response

Mitigation

Remove the try...catch around nouns.mint() in _createAuction().

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

046.md

046.md

Malicious `nouns.mint()` Revert will Pause Auction House

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Files

046.md

Latest commit

History

046.md

File metadata and controls

Malicious nouns.mint() Revert will Pause Auction House

Summary

Root Cause

Internal pre-conditions

External pre-conditions

Attack Path

Impact

PoC

Mitigation

Malicious `nouns.mint()` Revert will Pause Auction House